Typecast string to int inside query string
-
Ran across this today. git blames a new developer, fresh out of college.
Cringed harder than that time he tried to make a SQL query inside Javascript by embedding PHP tags inside the JS file.
$db->query("SELECT association FROM UserClasses WHERE codClass=(int)'$this->codClass' AND codUser=(int)'$this->codUser'");
For non-PHP guys, the following is correct, as you can't typecast inside a string:
$db->query("SELECT association FROM UserClasses WHERE codClass='".(int) $this->codClass."' AND codUser='".(int) $this->codUser."'");
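As an added illustration (not code from the thread or its poster), the following PHP shows what each version of the query actually hands to the database when the value comes straight from user input, and, going one step past the thread, what the "not-prepared-statement" objection raised further down looks like when addressed with PDO. The function names, the in-memory SQLite table and the hostile input string are all constructed for this example.

```php
<?php
// Added example, not from the original thread. All names below
// (buildQueryWtf, buildQueryCast, fetchAssociation) and the sample data
// are constructed for the illustration; $codClass / $codUser are assumed
// to arrive untrusted from the request.

function buildQueryWtf(string $codClass, string $codUser): string
{
    // "(int)" inside a double-quoted string is ordinary text. PHP only
    // interpolates the variables, so the raw input lands in the SQL and the
    // database receives the literal characters "(int)".
    return "SELECT association FROM UserClasses WHERE codClass=(int)'$codClass' AND codUser=(int)'$codUser'";
}

function buildQueryCast(string $codClass, string $codUser): string
{
    // Concatenation runs the cast in PHP before the value reaches the SQL.
    // A string with a leading number keeps that number; anything else is 0,
    // so quotes and keywords in the input never reach the query.
    return "SELECT association FROM UserClasses WHERE codClass='" . (int) $codClass . "' AND codUser='" . (int) $codUser . "'";
}

function fetchAssociation(PDO $db, string $codClass, string $codUser)
{
    // Prepared statement: the values are bound separately from the SQL
    // text, so they can never change the shape of the query. The cast is
    // kept only to enforce the column's type, not for injection safety.
    $stmt = $db->prepare(
        'SELECT association FROM UserClasses WHERE codClass = :class AND codUser = :user'
    );
    $stmt->bindValue(':class', (int) $codClass, PDO::PARAM_INT);
    $stmt->bindValue(':user', (int) $codUser, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchColumn();
}

// Constructed hostile input: a classic quote-and-OR payload.
$hostile = "1' OR '1'='1";

// Compare the two string-built queries side by side.
echo "WTF version:  ", buildQueryWtf($hostile, '7'), PHP_EOL;
echo "Cast version: ", buildQueryCast($hostile, '7'), PHP_EOL;

// Constructed in-memory table so the prepared version runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE UserClasses (codClass INTEGER, codUser INTEGER, association TEXT)');
$db->exec("INSERT INTO UserClasses VALUES (1, 7, 'student'), (2, 7, 'teacher')");

echo "Prepared:     ";
var_dump(fetchAssociation($db, $hostile, '7'));
```

Run it with any PHP build that has the pdo_sqlite extension. The first echo shows the payload sitting inside the WHERE clause untouched, with the text "(int)" in front of it; the second shows the payload reduced to the digit 1 before it is concatenated; the prepared call returns the association for class 1 and user 7 only, because the binding never lets the rest of the string near the SQL.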
-
Cringed harder than that time he tried to make a SQL query inside Javascript by embedding PHP tags inside the JS file.
I'm always amazed at how many people struggle to understand the difference between server side code and client side code. They don't seem to be able to comprehend when and where each is run.
-
The blame tool found that PHP is the culprit.
-
Cringed harder than that time he tried to make a SQL query inside Javascript by embedding PHP tags inside the JS file.
Well hello SQL injection through XSS. We missed you.
-
And this one isn't PHP's fault?
-
And this one isn't PHP's fault?
Depends on how he intended to execute it. Since injecting it into DOM won't do jack shit... dunno, AJAX call to a file that does an eval? Yeah, fuck it, it's not PHP this time, unless you want to argue that any language that provides eval sucks.
-
For non-PHP guys, the following is correct
For a given level of acceptable SQL injection.
-
For a given level of acceptable SQL injection.
I'd be interested in what you could inject using an int variable.
-
I'd be interested in what you could inject using an int ~~variable~~ expression
Buh, never mind. I was just having a knee-jerk reaction to not-prepared-statement code.
-
unless you want to argue that any language that provides eval sucks
You could argue that, but it makes your code very stodgy. After all, even dynamic library loading (with dlopen() or the Win equivalent that I forget the name of right now) could be argued to be a form of eval.
-
or the Win equivalent that I forget the name of right now
LoadLibrary()?
Filed Under: we need a new tag cloud to attack
-
LoadLibrary()?
I use it inside a library which wraps the differences between platforms, so I can never remember it. Finding out would be easy, but I CBA… but I think you're on the right sort of lines.
-
Where are those eye wash stations when you need them?
-
You're optimistic that this pattern isn't being used everywhere, when the original shows type casting inside the query. (which would translate into where xxx = (int) '<<UNSAFE DATA>>')
I kind of suspect the whole thing is just one giant sql injection xss attack waiting to happen.
Why doesn't a backslash escape the < ?
-
But the backslash escapes basically every other type of item :(
-
You expect it to be consistent???
-
Well... I certainly did... but then I took an arrow to the knee
-
Because markdown.
And HTML and BBCode are allowed in the same field. As a result, if you want to escape <, you need to use &lt;.
-
This is clearly the future, users escaping their own content in the first place!
-
Well... I certainly did... but then I took an arrow to the knee
Now for a word from Boromir:
Filed under: I just couldn't help myself
-
One does not simply... take an arrow to the knee?
-
This is clearly the future, users escaping their own content in the first place!
Well, @Matches started it!
-
This is clearly the future, users escaping their own content in the first place!
Not so very different from using Chrome on CS.
-
Who said backslash?
-
Not true, you could throw a < pre> in front of it, and all of your chrome cs magically just worked. (Or at least, mine did.)
-
If you imply whack, I have something for you.
-
http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Delectronics&field-keywords=whack+pound
Not sure about a whack pound.
But whack hash returns some more results.
http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Delectronics&field-keywords=whack+hash
-
You're not too #.
[spoiler]sharp[/spoiler]
-
I was going for the meta joke. You ruined it. Ruiner.
-
It's what I do.